Abstract of JP 2000321979 (A)

PROBLEM TO BE SOLVED: To enable fast and secure encryption and signature methods by providing a polynomial arithmetic device with first and second power calculation means, the second power calculation means using the result output by the first power calculation means.

SOLUTION: In this polynomial arithmetic device, a first power calculation part 401 calculates and outputs X^p, X^(2p), ..., X^((d-1)p) in the one-variable polynomial residue ring R = GF(q)[X]/r(X), where GF(q) is a finite field (q = p^n, where p is a prime number and p^n denotes the nth power of p), X is the variable, and r(X) is a previously given polynomial of degree d with coefficients in GF(q). A second power calculation part 402 takes as input X belonging to R and the X^p, X^(2p), ..., X^((d-1)p) from the first power calculation part 401, and outputs X^q. A third power calculation part 403 takes as input X belonging to R and the X^p, X^(2p), ..., X^((d-1)p) from the first power calculation part 401, and calculates f(X)^((q-1)/2).
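
The three power calculation parts of the abstract, as an added example (not code from the patent; function names are illustrative). It assumes r(X) and f(X) have coefficients in the prime field GF(p), so that g(X)^p is the sum of g_i X^(ip) and can be read off the table from part 401; for general GF(q) coefficients each g_i would also have to be raised to the p-th power.

```python
# Added example (illustrative names); assumes all coefficients lie in GF(p).
def mulmod(a, b, r, p):
    """a*b in GF(p)[X]/(r(X)); polys are coefficient lists, low degree first; r monic."""
    d = len(r) - 1
    prod = [0] * (2 * d - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    for k in range(2 * d - 2, d - 1, -1):  # cancel X^k with X^(k-d) * r(X)
        c = prod[k]
        for i in range(d + 1):
            prod[k - d + i] = (prod[k - d + i] - c * r[i]) % p
    return prod[:d]

def powmod(a, e, r, p):
    """Plain square-and-multiply; the reference the fast paths are checked against."""
    out = [1] + [0] * (len(r) - 2)
    while e:
        if e & 1:
            out = mulmod(out, a, r, p)
        a, e = mulmod(a, a, r, p), e >> 1
    return out

def first_part(r, p):
    """Part 401: table of X^0, X^p, X^(2p), ..., X^((d-1)p) mod r(X); needs d >= 2."""
    d = len(r) - 1
    xp = powmod([0, 1] + [0] * (d - 2), p, r, p)
    table = [[1] + [0] * (d - 1)]
    for _ in range(d - 1):
        table.append(mulmod(table[-1], xp, r, p))
    return table

def pth_power(g, table, p):
    """g(X)^p = sum of g_i * X^(ip); valid because g_i in GF(p) gives g_i^p = g_i."""
    return [sum(gi * row[k] for gi, row in zip(g, table)) % p
            for k in range(len(g))]

def second_part(table, n, p):
    """Part 402: X^q, q = p^n, as n-1 table-driven p-th powers of X^p."""
    g = table[1]
    for _ in range(n - 1):
        g = pth_power(g, table, p)
    return g

def third_part(f, table, r, n, p):
    """Part 403: f^((p^k-1)/2) = (f^((p^(k-1)-1)/2))^p * f^((p-1)/2), k = 2..n."""
    g = base = powmod(f, (p - 1) // 2, r, p)
    for _ in range(n - 1):
        g = mulmod(pth_power(g, table, p), base, r, p)
    return g
```

Each table-driven p-th power costs d^2 coefficient multiplications and no reduction modulo r(X), which is where the saving over repeated squaring comes from.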

f(X)^((p^2-1)/2) = (f(X)^((p-1)/2))^p × f(X)^((p-1)/2)
f(X)^((p^3-1)/2) = (f(X)^((p^2-1)/2))^p × f(X)^((p-1)/2)
...
f(X)^((p^n-1)/2) = (f(X)^((p^(n-1)-1)/2))^p × f(X)^((p-1)/2)

(Neal Koblitz, "A Course in Number Theory and Cryptography", Springer-Verlag, 1987)

(A. Miyaji, "On Ordinary Elliptic Curve Cryptosystems", ASIACRYPT'91, Springer-Verlag, 1991, from p. 460)

(N. Koblitz, "Elliptic Curve Implementation of Zero-Knowledge Blobs", J. Cryptology, vol. 4, no. 3, 1991, pp. 207-213)



(R. Lercier, F. Morain, "Counting the number of points on elliptic curves over finite fields: strategies and performances", EUROCRYPT'95, Springer-Verlag, 1995, pp. 79-94)

[0009] Let p be a prime, q = p^n, and let the elliptic curve over GF(q) be y^2 = x^3 + ax + b. Here x^a denotes x raised to the power a. Let f(x) = x^3 + ax + b.

(R. Schoof, "Counting points on elliptic curves over finite fields", Journal de Théorie des Nombres de Bordeaux 7, 1995, pp. 219-254)

(J.M. Couveignes, F. Morain, "Schoof's algorithm and isogeny cycles", ANTS-I, Lecture Notes in Computer Science 877, Springer-Verlag, 1994, from p. 43)

(R. Lercier, "Algorithmique des courbes elliptiques dans les corps finis", Thèse, École Polytechnique-LIX, 1997)

[0014] (X^q, Y^q) = k(X, Y)

Y^2 = f(X) = X^3 + aX + b

Y^q = Y × f(X)^((q-1)/2)

X^q, Y^(q-1) = f(X)^((q-1)/2)

[0042] (g(X))^p = g0 + g1 X^p + g2 X^(2p) + ... + g(d-1) X^((d-1)p)

where g(X) = g0 + g1 X + g2 X^2 + ... + g(d-1) X^(d-1) (g0, g1, ..., g(d-1) are elements of GF(q)).
